[libvirt] [PATCH 3/3] virnetdev: Add check for unprivileged daemon
Daniel P. Berrange
berrange at redhat.com
Wed Nov 4 09:36:27 UTC 2015
On Tue, Nov 03, 2015 at 07:18:11PM -0500, John Ferlan wrote:
> Using virNetDevSetupControl (due to usage of AF_PACKET instead of
> AF_LOCAL for the socket call) or even ioctl(SIOCETHTOOL) will fail
> for an unprivileged daemon. Since in the long run the caller only
> cares if bits are found in order to set a bit in a bitmap, let's
> just add a VIR_WARN instead of an error message.
>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
> src/util/virnetdev.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
> index d47859e..acf8ba6 100644
> --- a/src/util/virnetdev.c
> +++ b/src/util/virnetdev.c
> @@ -3154,6 +3154,14 @@ virNetDevSendEthtoolIoctl(const char *ifname, void *cmd)
> int fd;
> struct ifreq ifr;
>
> + /* Won't work if not running as root. Rather than generate
> + * error, just WARN and return.
> + */
> + if (geteuid() != 0) {
> + VIR_WARN("cannot get ETHTOOL feature bits");
> + return ret;
> + }
> +
I think rather than this, we should patch node_Device_udev.c to simply
not call this API when running unprivileged
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list